Monday, January 16, 2012

How to Deploy or Install Audit Collection Services (ACS) in SCOM 2007 R2

Hi all,

Q: What is Audit Collection Services (ACS)?

Answer: In Operations Manager 2007, you can use Audit Collection Services (ACS) to collect records generated by an audit policy and store them in a centralized database. By default, auditing is configured on individual computers and all events generated from an audit policy are saved to the local Security log of the audited computer. {microsoft}

In simple language, ACS keeps a copy of the “Security Log” from the Event Log. It saves all these security logs into a database.

It consists of three things.

- ACS Forwarder: this is a service which is installed by default with SCOM agent installations, but disabled.

- ACS Collector: this collector receives data from the forwarders and then sends the data to the ACS database.

- ACS Database: the SQL database which stores all the security logs.

Enough theory, let’s start implementing it now.

I am installing ACS Service on my Root Management server.

PART-1

Install Audit Collection Services Server

Let’s start.

As per Microsoft, your ACS server should have the latest version of MDAC {http://go.microsoft.com/fwlink/?LinkId=74155}. When I checked, the latest version of MDAC is 2.8 with SP1, and I already have this version because it was published in 2005.

Insert your SCOM installation media and run “SetupOm.exe”; if autorun is enabled, it will open automatically.

Click on “Install Audit Collection server”

A welcome wizard for the ACS installation will now open; click on “NEXT”.

Select “I accept the agreement” and click on “Next”

I don’t have any previously created ACS database, so I choose “Create a new database” and click on “Next”.

Here it is using MDAC to connect to the SQL Server. Let’s choose the default data source name “OpsMgrAc” and click on “Next”.

In “Database”, I have a separate “SQL Server” for the SCOM databases. Select “Remote Database Server” and type the name of your remote “SQL Server”. For the database name I am choosing the default name “OperationsManagerAC”. Now click on “Next”.

In “Database Authentication” I choose “Windows Authentication”. You can also choose “SQL Authentication”; it’s up to you. Click on “Next”.

In “Database Creation Option” I choose “use SQL Server’s default data and log file directories”, because on my SQL Server I have already defined the file locations for data and log files. Click on “Next”.

In “Event Retention Schedule” I choose 3:00am, and I want to keep the security log data for at least 2 months, so I choose 60 days. Click on “Next”.

In “timestamp” I want to use my local time. Click on “Next”.

It now shows the “Summary of installation”. Click on “Next”.

Now it tries to create the ACS database and asks for “SQL Server Login” credentials. I was using Windows authentication, so I just click on “Use Trusted Connection” and click on OK.

Yippy!!! It shows that our ACS Server is successfully installed. Click on Finish.

I logged in to my SQL Server to check whether the database was created. It was created successfully.

Cool.

With this, our installation of the ACS Server is finished. The next step is to enable auditing on the agents.

PART-2

Enable Auditing on Agent

Open SCOM console.

Click on the “Monitoring” tab, navigate to “Operations Manager”, then click on “Agents” and then on “Agent health State”. Two panes will open, but we are concerned with the right-hand pane only.

Now select the agents in the right-hand pane, and in the action tab under “Health Service tasks” click on “Enable Audit Collection”.

In “Credentials”, I am using my “Administrator” account to run the task. Provide the credentials and click on “RUN”.

When you click on “RUN” it shows you that the task has started.

Now the status is “Success”. All done :)
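To confirm the deployment from PART-1 and PART-2, the script below checks the collector service, the forwarder service on each agent, the collector port and the ACS database; a forwarder that is not running means that computer's Security log is not being centralized. This is an added example, not part of the original post or of Microsoft's tooling: the computer names are placeholders, and the service names AdtServer/AdtAgent and port 51909 are assumed defaults.

```powershell
# Added example: post-install check of the three ACS components.
# Assumptions: computer names are placeholders; AdtServer/AdtAgent are the
# collector/forwarder service names; 51909 is the default collector port.
$Collector  = 'RMS01'                # placeholder: ACS collector (PART-1)
$SqlServer  = 'SQL01'                # placeholder: remote SQL Server
$Forwarders = 'SRV01', 'SRV02'       # placeholder: agents enabled in PART-2
$Database   = 'OperationsManagerAC'  # default database name from the wizard

function Get-AcsServiceState {
    param([string]$ComputerName, [string]$ServiceName)
    $svc = Get-WmiObject -Class Win32_Service -ComputerName $ComputerName `
        -Filter "Name='$ServiceName'" -ErrorAction SilentlyContinue
    $mode = 'Unknown'; $state = 'Unknown'   # unreachable host or missing service
    if ($svc) { $mode = $svc.StartMode; $state = $svc.State }
    New-Object PSObject -Property @{
        Computer = $ComputerName; Service = $ServiceName
        StartMode = $mode; State = $state
    }
}

function Test-TcpPort {
    param([string]$ComputerName, [int]$Port)
    $client = New-Object System.Net.Sockets.TcpClient
    try { $client.Connect($ComputerName, $Port); return $true }
    catch { return $false }
    finally { $client.Close() }
}

function Test-AcsDatabase {
    param([string]$Server, [string]$Name)
    $cs = "Server=$Server;Database=master;Integrated Security=SSPI"
    $conn = New-Object System.Data.SqlClient.SqlConnection $cs
    try {
        $conn.Open()   # Windows Authentication, as chosen in the wizard
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = 'SELECT state_desc FROM sys.databases WHERE name = @n'
        [void]$cmd.Parameters.AddWithValue('@n', $Name)
        return ($cmd.ExecuteScalar() -eq 'ONLINE')
    }
    catch { return $false }
    finally { $conn.Close() }
}

$report = @(Get-AcsServiceState $Collector 'AdtServer')
$report += @($Forwarders | ForEach-Object { Get-AcsServiceState $_ 'AdtAgent' })
$report | Format-Table Computer, Service, StartMode, State -AutoSize
"Collector port 51909 reachable: $(Test-TcpPort $Collector 51909)"
"Database $Database online: $(Test-AcsDatabase $SqlServer $Database)"
```

Run it with an account that has administrative rights on the listed computers and a login on the SQL Server; any forwarder whose State is not “Running” has not picked up the “Enable Audit Collection” task.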

How can I see the logs???? Ahhh!!! That is the crucial part. We need to configure “SQL Reporting Services” to access these logs.

6 comments:

The ACS collector receives and processes events from ACS forwarders and then sends this data to the ACS database. This processing includes disassembling the data so that it can be spread across several tables within the ACS database. Thanks a lot......